 From:  Daniele Guazzoni <daniele dot guazzoni at gcomm dot ch>
 To:  Peter Allgeyer <allgeyer at web dot de>
 Cc:  Manuel Kasper <mk at neon1 dot net>, Peter Curran <peter at closeconsultants dot com>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] RE: [m0n0wall] The future
 Date:  Thu, 13 Oct 2005 00:51:22 +0200
Peter Allgeyer wrote:
> My vote goes to OpenBSD, too. Why?
> * due to its emphasis on security, as Manuel said it.
>   It's not only built with security in mind, there are also a lot of
>   security related protocols like openssh which were actively pushed by
>   the OpenBSD team.
> * the integration of pf and carp - pf is IMHO the best filtering
>   language around (if you don't mention netfilter ;-)), very similar to
>   ipfilter (since it's a further development of it), with a lot of
>   features, ipfilter4 should also bring us, but how stable would it be?
> * carp/pfsync: this is the real highlight of OpenBSD and the real cause
>   not choosing Linux/netfilter. A HA application for filtering, just 
>   like we know it from the good old Nokia appliances running the very
>   expensive CP software. I can't imagine any better point for OpenBSD as
>   this one, having stateful HA interfaces.
>   Sure both, pf and carp are ported to FreeBSD as well, but nothing is
>   better than the original.
> * OpenBSD IPsec implementation (isakmpd), giving us NAT-T, xauth (for
>   cisco vpn clients for example) and filterable (!) Interfaces (one of
>   the major points why I looked at OpenVPN in m0n0)
> * Hardware encryption: supports not only the soekris cards but also
>   VIA C3 and the RNG of the Intel motherboards
> * better bridging code: STP support and able to be filtered by pf
> It convinces me in the integration of all these features. Not like
> FreeBSD/ipfw/ipfilter, OpenBSD uses one filtering language, one IPSEC
> implementation and integrates all those perfectly into the kernel,
> supporting cryptographic functions and acceleration to all of them.

and on top of your perfect description:
OpenBSD is pure BSD licensed not like other OS which underlies only
halfway the BSD license because they integrate SSH from X, SSL from Y, ...